# HG changeset patch # User Christian Urban # Date 1409738474 -3600 # Node ID 3b831b9dc6161c68fcdddcb026a383e6be7d782a # Parent c70342f08326457d4b40d13dd80790dbeb9c0dd6 added some initial handouts diff -r c70342f08326 -r 3b831b9dc616 handouts/ho02.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/handouts/ho02.tex Wed Sep 03 11:01:14 2014 +0100 @@ -0,0 +1,127 @@ +\documentclass{article} +\usepackage{../style} + + +\begin{document} + +\section*{Handout 2 (E-Voting)} + +In security there are many counter-intuitive phenomena: for +example I am happy (more or less) to use online banking every +day, where if something goes wrong, I can potentially loose a +lot of money, but I am staunchly against using electronic +voting (lets call it e-voting for short). E-voting is an idea +that is nowadays often promoted in order to counter low +turnouts in elections\footnote{In my last local election where +I was eligible to vote only 48\% of the population have cast +their ballot. I was, I shamefully admit, one of the +non-voters.} and generally sounds like a good idea. Right? +Voting from the comfort of your own home, or on your mobile on +the go, what could possibly go wrong? Even the UK's head of +the Electoral Commission, Jenny Watson, argued in 2014 in a +Guardian article that the UK should have e-voting. Her +plausible argument is that 76\% of pensioners in the UK vote +(in a general election?), but only 44\% of the under-25s. For +which constituency politicians might therefore make more +favourable (short-term) decisions is clear. So being not yet +pensioner, I should be in favour of e-voting, no? + +Well, it turns out there are many things that can go wrong +with e-voting, as I like to argue in this handout. E-voting in +a ``secure way'' seems to be one of the things in computer +science that are still very much unsolved. It is not on the +scale of Turing's halting problem, which is proved that it can +never be solved in general, but it is unsolved with current +technology. This is not just my opinion, but +from shared by Alex Alderman, who is the world-expert on this +subject and from whose course on Securing Digital Democracy +I have most of my information and inspiration. It is also +a controversial topic in many countries: + +\begin{itemize} +\item The Netherlands between 1997--2006 had electronic voting + machines, but ``hacktivists'' had found they can be + hacked and also emitted radio signals revealing how you + voted. + +\item Germany had used them in pilot studies, but in 2007 a + law suit has reached the highest court and it rejected + electronic voting on the grounds of not being + understandable by the general public. + +\item UK used optical scan voting systems in a few trail + polls, but to my knowledge does not use any e-voting in + elections. + +\item The US used mechanical machines since the 1930s, later + punch cards, now DREs and optical scan voting machines. + +\item Estonia used since 2007 the Internet for national + elections. There were earlier pilot studies for voting + via Internet in other countries. + +\item India uses e-voting devices since at least 2003. They + used ``keep-it-simple'' machines produced by a + government owned company. + +\item South Africa used software for its tallying in the 1993 + elections (when Nelson Mandela was elected) + and found that the tallying software was + rigged, but they were able to tally manually. +\end{itemize} + + +The reason that e-voting is such a hard problem is that we +have requirements about the voting process that conflict with +each other. The five main requirements are: + +\begin{itemize} +\item {\bf Integrity} + \begin{itemize} + \item The outcome of the vote matches with the voters' + intend. + \item There might be gigantic sums at stake and need to be defended against. + \end{itemize} +\item {\bf Ballot Secrecy} + \begin{itemize} + \item Nobody can find out how you voted. + \item (Stronger) Even if you try, you cannot prove how you voted. + \end{itemize} +\item {\bf Voter Authentication} + \begin{itemize} + \item Only authorised voters can vote up to the permitted number of votes. + \end{itemize} +\item {\bf Enfranchisement} + \begin{itemize} + \item Authorised voters should have the opportunity to vote. + \end{itemize} +\item {\bf Availability} + \begin{itemize} + \item The voting system should accept all authorised votes and produce results in a timely manner. + \end{itemize} +\end{itemize} + +To tackle the problem of e-voting, we must first have a look +into the history of voting and how paper-based ballots +evolved. We know for sure that elections were held in Athens +as early as 600 BC, but might even date to the time of +Mesopotamia and also in India some kind of ``republics'' might +have existed before the Alexander the Great invaded it. +Have a look at Wikipedia about the history of democracy for +more information. + + + +\subsubsection*{Questions} + +Coming back to the question of why I use online banking, but +prefer not to e-vote. + +Why do I use e-polling in lectures? + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff -r c70342f08326 -r 3b831b9dc616 handouts/ho03.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/handouts/ho03.tex Wed Sep 03 11:01:14 2014 +0100 @@ -0,0 +1,30 @@ +\documentclass{article} +\usepackage{../style} + + +\begin{document} + +\section*{Handout 3 (Buffer Overflow Attacks)} + +By far the most popular attack method on computers are buffer +overflow attacks. The popularity is unfortunate since we now +have technology to prevent them. But these kind of attacks are +still very relevant even today since there are many legacy +systems out there and also many modern embedded systems +do not take any precautions to prevent such attacks. + +To understand how buffer overflow attacks work we have to have +a look at how computers work ``under the hood'' (on the +machine level) and also understand some aspects of the C/C++ +programming language. This might not be everyday fare for +computer science students, but who said that criminal hackers +restrict themselves to everyday fare? Not to mention the +free-riding script-kiddies who use this technology without +knowing what are the underlying ideas. + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff -r c70342f08326 -r 3b831b9dc616 style.sty --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/style.sty Wed Sep 03 11:01:14 2014 +0100 @@ -0,0 +1,13 @@ +\usepackage{xcolor} +\usepackage{fontspec} +\usepackage[sc]{mathpazo} +\usepackage{fontspec} +\setmainfont[Ligatures=TeX]{Palatino Linotype} +\usepackage{amssymb} +\usepackage{amsmath} +\usepackage{menukeys} +\definecolor{darkblue}{rgb}{0,0,0.6} +\usepackage[colorlinks=true,urlcolor=darkblue,linkcolor=darkblue]{hyperref} + +\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% +\definecolor{codegray}{gray}{0.9}